Human Rights Protocol Considerations (hrpc) research group, IRTF, IETF 118

Welcome and Introduction: Intro and Note Well - 10 min

Talk: Internet connectivity in Gaza - Ahmad Alsadeh, ISOC Palestine - 30 min

No questions/discussion.

Talk: Tech standards and human rights - OHCHR - 30 min

(No slides) Link to the report presented:
https://www.ohchr.org/sites/default/files/documents/hrbodies/hrcouncil/sessions-regular/session53/advance-versions/A_HRC_53_42_AdvanceEditedVersion.docx

• How is OHCHR expanding its work in this area?
• What about SDOs that don't act like businesses?

OHCHR plans to hire an additional staff member.

Our analysis applies to all SDOs; we make a distinction for legal
reasons.

• An additional danger: forum-shopping. There are many paths to
  standardization, and it's antidemocratic for states to delegate to
  less-transparent bodies.

There would be opposition to OHCHR being able to determine where you can
go for standardization.

• Tension: Sufficient participation in standards-setting v. states
  exerting more control. Has there been outcome-based analysis of how
  states interface with standards-setting?

There hasn't been. It's a question of how things play out in practice.

• How can we turn these from "nice to haves" to requirements? Does it
  work to start from the UN sustainable development goals?
• Have you developed any recommendations that are SDO-specific? Do you
  have any specific asks of the IETF?

hrpc and many individuals have done great work. It would be great to see
this approach adopted more widely within the community.

• It's challenging for SDOs to monitor for impact once their
  standards have been published. It would be interesting for SDOs to
  think about how they can close that loop.
• See also RFC 8280 and new draft guidelines.

Talk: Tech-assisted gender-based violence - Stephanie Mikkelson, UNFPA - 30 min

• These are important ideas. What is the overlap with the IETF's work?

This is very high-level ideas and principles that we can apply
throughout our work. How do you handle consent and privacy?

(See also: the draft on intimate-partner violence and compare to
analyzing censorship techniques in terms of low-level network access,
etc.)

• IETF people can be knowledgeable about encryption without being
  knowledgeable about real-world threat models. Please do contribute
  that knowledge.
• Is the weaponization of the freedom of speech relevant?

We've worked with the special rapporteur on the freedom of expression.

• There's an ongoing "tussle" in the IETF between privacy concerns and
  identity requirements. For example, whether an identity is full or
  pseudonymous becomes an operational issue for law-enforcement
  access.

• We could learn from your principles on participatory design. We
  don't know how to effectively include participation from the most
  affected people in these issues, transparently but without
  necessarily involving them publicly.

Engaging survivors in a safe and ethical way is our space. Participatory
and inclusive doesn't mean going to your local hotline or someone you
know. One in three women is a survivor of gender-based violence. We have
ethical guidelines that speak specifically to how to do this.

• More support for considering real-world threat models as well as
  protocol-level encryption. Slides 13–15 are especially valuable on
  the safety/security/privacy triangle. How is the Venn diagram of
  threat actors built?

• Do you have examples of changing the power dynamics of technology
  that we can take to the technical level?

We're doing monitoring for the https://www.gbvims.com/ framework
now.

(Help desks and hotlines are increasingly being embedded within shelters
to share this knowledge for serving end users.)

Updates (5 minutes each)

draft-celi-irtf-hrpc-ipvc

• Overview of the draft: adopted by the working group for community
  review

• An additional threat to consider: image disclosure. Additional
  outcomes: loss of job/livelihood; death. Also consider that children
  are often used to get access to an intimate partner. Also IoT
  devices.

draft-irtf-hrpc-association

• Back in the research group with suggested changes and two possible
  paths forward

• Request for the research group to weigh in and volunteer to
  contribute

• Suggest considering the impact of self-censorship on online
  association.

• The suggestion to make this an essay may reflect a question about
  different kinds of research. These are some illustrative examples
  and topics.

  • Could be addressed by rephrasing to avoid claiming it's more
    comprehensive/systematic than it is.
  • Is there a problem with the methodologies themselves? Or can we
    document better what the methodologies were?
  • It would be better to explain why the specific examples were
    chosen out of a literature review.
  • (Chat:) Different disciplines have different standards/styles
    for literature reviews.